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Detailed Action 



Claims 1-50 have been examined and are pending. 



Response to Arguments 



Applicant's arguments, see pages 12-14, filed 1-26-04, with respect to the 
rejection(s)of claim(s) 1-49 under USC 102(b) have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of newfound prior art. 

Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claims 1-14, 29-36, and 41-48 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Haber et al (USP Re. 34,954) in view of Schneier (Applied 
Cryptography). 

As per claim 1 , Haber et al teach: 

Receiving a time stamp request at an outside agency at a first time, said time 
stamp request including identifying data associated with said document (column 2, line 
55— column 3, line 10); 
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Creating at said outside agency a time stamp receipt based on said identifying 
data and a time indication (column 2, line 55 — column 3, line 10); 

Transmitting said time stamp receipt and said message authentication code to a 
designated party (FIG. 1, block 19); 

Haber et al fails to explicitly teach generating a message authentication code 
(herein MAC) based on said time stamp receipt and a secret key. Schneier teaches 
that the use of MAC'S as a way to prove that a document has not been forged or altered 
(pages 455-459). MAC's are well known in the art and have many uses. Only hashing 
the same exact document with the same secret key will generate a new MAC that 
matches the saved MAC. Using a MAC has some advantages in security. Only the 
entity that creates a MAC can validate the MAC if the secret key used to create the 
MAC belongs to the entity. It would be advantageous to generate a MAC based upon 
the time stamp receipt and a secret key because it would allow the person wanting to 
validate the time stamp (presumably not the owner) to interact with a trusted outside 
agency first hand. This would remove any doubt about the origin of a receipt the person 
might have if he/she is receiving a time stamp that is already certified. The person 
would also have a second source of validation that none of the contents of the time 
stamp receipt have been altered since it was stamped. By using a MAC it would force 
an interaction with the outside agency at a later time in order to validate the MAC. Also 
the outside agency would then use a cryptographic signature scheme to generate a new 
MAC on the received time stamp receipt based on the same secret key and compare 
the new MAC with the received time stamp receipt. 
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In view of this it would have been obvious to one of ordinary skill in the art at the 
time of the invention to employ the teachings of Schneier within the system of Haber et 
al because generating a MAC based upon the time stamp receipt and a secret key 
would provide another means to authenticate a time stamp with a trusted outside 
agency to further insure that the time stamp receipt had not in any way been forged or 
altered since the time of the signing. 



As per claims 2-6, Haber et al teach a method of identifying data that comprises 
a hash value generated from a one-way hash function and including the hash value and 
the time indication to the time stamp receipt (column 3, lines 10-65). 

As per claim 7, Haber et al teach said time stamp request further includes an 
identification number associated with the requestor (column 3, lines 10-65 column 4, 
lines 8-39). 

As per claim 8, Haber et al teach said message authentication code comprise a 
digital sequence generated by application of a deterministic function to said time stamp 
receipt and said secret key concatenate together (column 3, lines 10-65). 

As per claim 9, Haber et al teach the step of validating said message 
authentication code includes recomputing said message authentication code at said 
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outside agency using said received time stamp receipt and said secret key and 
comparing the recomputed message authentication code to said received message 
authentication code (see abstract). 

As per claim 10, Haber et al teach wherein the certifying step includes signing 
said message authentication code using a private signature key controlled by said 
outside agency (see abstract). 

As per claim 1 1 , Haber et al teach wherein the certifying step includes signing 
said time stamp receipt using a private signature key controlled by said outside agency 
(see abstract). 

As per claim 12, Haber et al teach storing said secret key in a database at said 
outside agency (column 3, line 40-45). Having to remember the original number or 
secret key is necessary to validate one-way hash functions or MACs, which are one- 
way hash functions, which use a secret key. It is therefore inherent that the secret key 
is stored in a database where it can later be retrieved to certify a timestamp. 

As per claim 13, Haber et al teach wherein each time stamp receipt includes a 
sequential record number that is used at said outside agency to look up said secret key 
in said database (column 4, lines 8-20). 



Application/Control Number: 09/458,921 Page 6 

Art Unit: 2131 

As per claim 14, Haber et al teach the step of transmitting said certified time 
stamp receipt to said requestor (column 4, line 8-26). 



As per claim 29, Haber et al teach: 

Receiving a time stamp request at an outside agency at a first time, said time 
stamp request including identifying data associated with said document (column 2, line 
55 — column 3, line 10); 

Creating at said outside agency a time stamp receipt based on said identifying 
data and a time indication (column 2, line 55 — column 3, line 10); 

Haber et al fails to explicitly teach generating a message authentication code 
(herein MAC) based on said time stamp receipt and a secret key. Schneier teaches 
that the use of MAC's as a way to prove that a document has not been forged or altered 
(pages 455-459). MAC's are well known in the art and have many uses. Only hashing 
the same exact document with the same secret key will generate a new MAC that 
matches the saved MAC. Using a MAC has some advantages in security. Only the 
entity that creates a MAC can validate the MAC if the secret key used to create the 
MAC belongs to the entity. It would be advantageous to generate a MAC based upon 
the time stamp receipt and a secret key because it would allow the person wanting to 
validate the time stamp (presumably not the owner) to interact with a trusted outside 
agency first hand. This would remove any doubt about the origin of a receipt the person 
might have if he/she is receiving a time stamp that is already certified. The person 
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would also have a second source of validation that none of the contents of the time 
stamp receipt have been altered since it was stamped. By using a MAC it would force 
an interaction with the outside agency at a later time in order to validate the MAC. Also 
the outside agency would then use a cryptographic signature scheme to generate a new 
MAC on the received time stamp receipt based on the same secret key and compare 
the new MAC with the received time stamp receipt. 

In view of this it would have been obvious to one of ordinary skill in the art at the 
time of the invention to employ the teachings of Schneier within the system of Haber et 
al because generating a MAC based upon the time stamp receipt and a secret key 
would provide another means to authenticate a time stamp with a trusted outside 
agency to further insure that the time stamp receipt had not in any way been forged or 
altered since the time of the signing. 

Transmitting said time stamp receipt and said message authentication code to a 
designated party (FIG. 1, block 19). 

As per claims 30-34, Haber et al teach a method of identifying data that 
comprises a hash value generated from a one-way hash function and including the hash 
value and the time indication to the time stamp receipt (column 3, lines 10-65). 

As per claim 35, Haber et al teach said time stamp request further includes an 
identification number associated with the requestor (column 3, lines 10-65 column 4, 
lines 8-39). 
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As per claim 36, Haber et al teach said message authentication code comprise a 
digital sequence generated by application of a deterministic function to said time stamp 
receipt and said secret key concatenate together (column 3, lines 10-65). 

As per claim 41 , Haber et al teach: 

Haber et al fails to explicitly teach generating a message authentication code 
(herein MAC) based on said time stamp receipt and a secret key. Schneier teaches 
that the use of MAC's as a way to prove that a document has not been forged or altered 
(pages 455-459). MAC's are well known in the art and have many uses. Only hashing 
the same exact document with the same secret key will generate a new MAC that 
matches the saved MAC. Using a MAC has some advantages in security. Only the 
entity that creates a MAC can validate the MAC if the secret key used to create the 
MAC belongs to the entity. It would be advantageous to generate a MAC based upon 
the time stamp receipt and a secret key because it would allow the person wanting to 
validate the time stamp (presumably not the owner) to interact with a trusted outside 
agency first hand. This would remove any doubt about the origin of a receipt the person 
might have if he/she is receiving a time stamp that is already certified. The person 
would also have a second source of validation that none of the contents of the time 
stamp receipt have been altered since it was stamped. By using a MAC it would force 
an interaction with the outside agency at a later time in order to validate the MAC. Also 
the outside agency would then use a cryptographic signature scheme to generate a new 
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MAC on the received time stamp receipt based on the same secret key and compare 
the new MAC with the received time stamp receipt. 

In view of this it would have been obvious to one of ordinary skill in the art at the 
time of the invention to employ the teachings of Schneier within the system of Haber et 
al because generating a MAC based upon the time stamp receipt and a secret key 
would provide another means to authenticate a time stamp with a trusted outside 
agency to further insure that the time stamp receipt had not in any way been forged or 
altered since the time of the signing. 

As per claim 42, Haber et al teach wherein the certifying step includes signing 
said message authentication code using a private signature key controlled by said 
outside agency (see abstract). 

As per claim 43, Haber et al teach wherein the certifying step includes signing 
said time stamp receipt using a private signature key controlled by said outside agency 
(see abstract). 

As per claim 44, Haber et al teach the step of transmitting said certified time 
stamp receipt to said requestor (column 4, line 8-26). 
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As per claims 45 and 47, Haber et al teach certifying said time stamp receipt at 
outside agency comprises signing said time stamp receipt with a private signature key 
(column 7, line 10). 

As per claims 46 and 48, the examiner supplies the same rationale for the 
motivation as recited in the rejection of claim 41 to incorporate the teachings of 
Schneier within the system of Haber et al. Haber teaches that the key is a secret key 
and private signature keys are often referred to as secret keys in the art of 
cryptography. 



Claims 15-28, 37-40, 49, and 50 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Haber et al in view of Schneier in view of Doyle (WO 99/16209). 



As per claims 15, and 37-40 Haber et al teach: 
Receiving a time stamp request at an outside agency at a first time, said time stamp 
request including identifying data associated with said document (column 2, line 55 — 
column 3, line 10); 
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Creating at said outside agency a time stamp receipt based on said identifying 
data and a time indication (column 2, line 55 — column 3, line 10); 

Haber et al fails to explicitly teach generating a message authentication code 
(herein MAC) based on said time stamp receipt and a secret key. Schneier teaches 
that the use of MAC's as a way to prove that a document has not been forged or altered 
(pages 455-459). MAC's are well known in the art and have many uses. Only hashing 
the same exact document with the same secret key will generate a new MAC that 
matches the saved MAC. Using a MAC has some advantages in security. Only the 
entity that creates a MAC can validate the MAC if the secret key used to create the 
MAC belongs to the entity. It would be advantageous to generate a MAC based upon 
the time stamp receipt and a secret key because it would allow the person wanting to 
validate the time stamp (presumably not the owner) to interact with a trusted outside 
agency first hand. This would remove any doubt about the origin of a receipt the person 
might have if he/she is receiving a time stamp that is already certified. The person 
would also have a second source of validation that none of the contents of the time 
stamp receipt have been altered since it was stamped. By using a MAC it would force 
an interaction with the outside agency at a later time in order to validate the MAC. Also 
the outside agency would then use a cryptographic signature scheme to generate a new 
MAC on the received time stamp receipt based on the same secret key and compare 
the new MAC with the received time stamp receipt. 

In view of this it would have been obvious to one of ordinary skill in the art at the 
time of the invention to employ the teachings of Schneier within the system of Haber et 
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al because generating a MAC based upon the time stamp receipt and a secret key 
would provide another means to authenticate a time stamp with a trusted outside 
agency to further insure that the time stamp receipt had not in any way been forged or 
altered since the time of the signing. 

Haber et al are silent in disclosing encrypting the secret key with a second secret 
key to generate a key message. Doyle teaches encrypting a public key with a secret 
private key [claim 8]. Encrypting a key with a private key creates a key message, which 
can be validated by a public key to prove authenticity. Also this procedure removes the 
agency from having to remember the first private key. 

In view of this, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to employ the teachings of Doyle within the system of Haber et al 
because it would allow the first encryption key to be encrypted with the private key of 
the trusted agency prevent the agency from having to remember many private keys. 

Haber et al are silent in disclosing generating a second message authentication 
code based on the first message authentication code. Doyle teaches encrypting data 
associated with the certification request using the second private key [pg. 12, lines 25- 
26 and claim 10]. Using the private key to encrypt data, attributes the encryption to a 
particular author whereby the data can be validated using the public key of the owner of 
the private key. It would have been obvious to one of ordinary skill that the first 
message authentication code can be validated by using the second secret key from the 
teaching of Doyle (pg. 1 1 , line 30— pg. 12, line 1 ). 
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In view of this, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to employ the teachings of Doyle within the system of Haber et al 
because it would allow a second message authentication code to be created based on 
the first message authentication code which corresponds to a particular entity without 
having to remember both the first private key used and who it belongs to. Simply 
knowing the master private key is enough information to decrypt the message 
authentication code to reveal who the owner of the data is and when it was signed 
without revealing the plaintext. Using the private key to encrypt data, attributes the 
encryption to a particular author whereby the data can be validated using the public key 
of the owner of the private key. 

From the employing of the teachings of Doyle within the system of Haber et al, it 
follows that: 

Haber et al are silent in expressly disclosing transmitting a second message 
authentication code and the encrypted key message. The examiner supplies to same 
rationale for the motivation to incorporate the teachings of Doyle within the system of 
Haber et al. Therefore it would have been obvious to include the second message 
authentication code and the encrypted key message along with the time stamp receipt 
and first message authentication code to the requestor as Haber et al teach (column 2, 
line 55— column 3, line 10 and column 4, lines 8-39). 



As per claims 16-20, Haber et al teach a method of identifying data that 



Application/Control Number: 09/458,921 Page 14 

Art Unit: 2131 

comprises a hash value generated from a one-way hash function and including the hash 
value and the time indication to the time stamp receipt (column 3, lines 10-65). 

As per claim 21 , Haber et al teach said time stamp request further includes an 
identification number associated with the requestor (column 3, lines 10-65 column 4, 
lines 8-39). 

As per claim 22, Haber et al teach said message authentication code comprise a 
digital sequence generated by application of a deterministic function to said time stamp 
receipt and said secret key concatenate together (column 3, lines 10-65). 

As per claim 23, the examiner supplies the same rationale for the motivation as 
recited in the rejection of claim 15 to incorporate the teachings of Doyle within the 
system of Haber et al to include a second message authentication code. Haber et al 
teach said message authentication code comprise a digital sequence generated by 
application of a deterministic function to said time stamp receipt and said secret key 
concatenate together (column 3, lines 10-65). Therefore it would have been obvious 
that the second message authentication code also comprises a numeric representation. 

As per claim 24, the examiner supplies the same rationale for the motivation as 
recited in the rejection of claim 15 to incorporate the teachings of Doyle within the 
system of Haber et al to include a second message authentication code. Haber et al 



Application/Control Number: 09/458,921 Page 15 

Art Unit: 2131 

teach the step of validating said message authentication code includes recomputing 
said message authentication code at said outside agency using said received time 
stamp receipt and said secret key and comparing the recomputed message 
authentication code to said received message authentication code (see abstract). It is 
obvious that, because the second message authentication code comprises that 
concatenation of the first message authentication code and the secret keys, that the first 
message authentication code which was sent would be compared to the first 
authentication code which is a part of the second message authentication code. 

As per claim 25, Haber et al teach the step of validating said message 
authentication code includes recomputing said message authentication code at said 
outside agency using said received time stamp receipt and said secret key and 
comparing the recomputed message authentication code to said received message 
authentication code (see abstract). 

As per claim 26, Haber et al teach wherein the certifying step includes signing 
said message authentication code using a private signature key controlled by said 
outside agency (see abstract). 

As per claim 27, Haber et al teach wherein the certifying step includes signing 
said time stamp receipt using a private signature key controlled by said outside agency 
(see abstract). 
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As per claim 28, Haber et al teach the step of transmitting said certified time 
stamp receipt to said requestor (column 4, line 8-26). 

As per claim 49, Haber et al teach certifying said time stamp receipt at outside 
agency comprises signing said time stamp receipt with a private signature key (column 
7, line 10). 

As per claim 50, the examiner supplies the same rationale for the motivation as 
recited in the rejection of claim 41 to incorporate the teachings of Schneier within the 
system of Haber et al. Haber teaches that the key is a secret key and private signature 
keys are often referred to as secret keys in the art of cryptography. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael R Vaughan whose telephone number is 703- 
305-0354. The examiner can normally be reached on M-F 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

MV 

Michael R Vaughan 
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